Vulnerability in dependency (google-gax > protobufjs)

googleapis / nodejs-logging

Node.js client for Stackdriver Logging: Store, search, analyze, monitor, and alert on log data and events from Google Cloud Platform and Amazon Web Services (AWS).

https://cloud.google.com/logging/

Apache License 2.0

168 stars 99 forks source link

Vulnerability in dependency (google-gax > protobufjs) #1498

Open scaryguy opened 3 months ago

scaryguy commented 3 months ago

There is a critical vulnerability in protobujs. It's causing npm audit to fail and causing many CI/CD pipelines to fail. When should we expect a new version with the fixed dependency?

Could someone help with accelerating this internally at Google? 🙄

https://github.com/googleapis/gax-nodejs/issues/1586

cindy-peng commented 2 months ago

Thanks for opening this issue! @scaryguy Is this issue for @google-cloud/logging-min or @google-cloud/logging?